{"id":1856,"date":"2021-06-29T11:00:23","date_gmt":"2021-06-29T09:00:23","guid":{"rendered":"https:\/\/mikadmin.fr\/blog\/?p=1856"},"modified":"2023-10-28T13:40:35","modified_gmt":"2023-10-28T11:40:35","slug":"linux-privilege-escalation-docker-group","status":"publish","type":"post","link":"https:\/\/mikadmin.fr\/blog\/linux-privilege-escalation-docker-group\/","title":{"rendered":"Linux Privilege Escalation : Docker Group"},"content":{"rendered":"<span class=\"span-reading-time rt-reading-time\" style=\"display: block;\"><span class=\"rt-label rt-prefix\"><\/span> <span class=\"rt-time\"> 3<\/span> <span class=\"rt-label rt-postfix\">min read<\/span><\/span><p>Views: 1310<\/p>\n<div style=\"height:43px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"387\" src=\"https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2021\/02\/1_y6CvfE6WUgoIdT8Mp0Ev_g-1024x387.png\" alt=\"docker group\" class=\"wp-image-1093\" style=\"width:625px;height:236px\"\/><\/figure>\n<\/div>\n\n\n<div style=\"height:15px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p class=\"has-text-align-center has-medium-font-size\">\ud83d\udea9 Dans cet article <strong>Docker Group LPE<\/strong>, nous allons passer d&rsquo;un <strong>utilisateur lambda<\/strong> sans droits mais dans le groupe <strong><span style=\"color:#0693e3\" class=\"tadv-color\">docker<\/span><\/strong> \u00e0 l&rsquo;<strong>utilisateur root<\/strong> \u00e0 l&rsquo;aide d&rsquo;une <strong>mauvaise configuration<\/strong> et utilisation de <a href=\"https:\/\/www.docker.com\/\" target=\"_blank\" rel=\"noreferrer noopener\">docker<\/a>.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-css-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading has-text-align-center\" style=\"font-size:40px\">Docker Group Privilege Escalation :<\/h2>\n\n\n\n<div style=\"height:35px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p class=\"has-text-align-center has-medium-font-size\">\ud83e\uddfe Afin de r\u00e9aliser cette attaque, j&rsquo;ai install\u00e9 une machine <strong><span style=\"color:#fcb900\" class=\"tadv-color\">Linux<\/span><\/strong> ayant d\u00e9j\u00e0 <strong><span style=\"color:#0693e3\" class=\"tadv-color\">docker<\/span><\/strong> de pr\u00e9install\u00e9 \u00e0 l&rsquo;aide de ce <a href=\"https:\/\/mikadmin.fr\/blog\/installer-et-configurer-facilement-docker\/\" target=\"_blank\" rel=\"noreferrer noopener\">tutoriel<\/a> suivant et en mettant <strong>l&rsquo;utilisateur <span style=\"color:#cf2e2e\" class=\"tadv-color\">ubuntu18<\/span><\/strong> dans le groupe <strong><span style=\"color:#0693e3\" class=\"tadv-color\">docker<\/span><\/strong> \u00e0 ce moment de l&rsquo;installation :<\/p>\n\n\n\n<div style=\"height:15px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img decoding=\"async\" src=\"https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2021\/02\/image-1.png\" alt=\"\"\/><\/figure>\n<\/div>\n\n\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p class=\"has-text-align-center has-medium-font-size\">Comme pr\u00e9vu notre utilisateur fait bien parti du groupe <strong><span style=\"color:#0693e3\" class=\"tadv-color\">docker<\/span><\/strong> !<\/p>\n\n\n\n<div style=\"height:10px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"576\" height=\"49\" src=\"https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2021\/06\/Screenshot_50.png\" alt=\"\" class=\"wp-image-1868\" srcset=\"https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2021\/06\/Screenshot_50.png 576w, https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2021\/06\/Screenshot_50-300x26.png 300w, https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2021\/06\/Screenshot_50-150x13.png 150w\" sizes=\"auto, (max-width: 576px) 100vw, 576px\" \/><\/figure>\n<\/div>\n\n\n<div style=\"height:18px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p class=\"has-text-align-center has-medium-font-size\">Ce qui nous permet d&rsquo;utiliser <strong><span style=\"color:#0693e3\" class=\"tadv-color\">docker<\/span><\/strong> compl\u00e8tement avec cet utilisateur et donc de monter le volume h\u00f4te sur l&rsquo;un de nos conteneurs.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-css-opacity\"\/>\n\n\n\n<p><\/p>\n\n\n\n<h2 class=\"wp-block-heading has-text-align-center\" style=\"font-size:37px\">Premier cas<\/h2>\n\n\n\n<div style=\"height:35px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p class=\"has-text-align-center has-medium-font-size\">\u26a0\ufe0f Dans ce premier cas, nous partons du principe que nous avons un <strong>acc\u00e8s sur la machine direct<\/strong> et qu&rsquo;elle a bien <strong>acc\u00e8s \u00e0 internet<\/strong> sans r\u00e8gles sp\u00e9cifiques au niveau du <strong><span style=\"color:#cf2e2e\" class=\"tadv-color\">firewall<\/span><\/strong>.<\/p>\n\n\n\n<div style=\"height:15px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p class=\"has-text-align-center has-medium-font-size\">Nous allons tout simplement <strong>pull<\/strong> une image comme par exemple celle d&rsquo;<strong>ubuntu<\/strong> qui n&rsquo;est pas pr\u00e9sente sur la machine c&rsquo;est donc pour cette raison que nous avons besoin d&rsquo;un acc\u00e8s r\u00e9seau vers le <span style=\"color:#0693e3\" class=\"tadv-color\"><strong>docker hub<\/strong>.<\/span><\/p>\n\n\n\n<div style=\"height:15px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<pre class=\"wp-block-prismatic-blocks\"><code class=\"language-bash\" data-line=\"\">docker run -v \/:\/mnt -it ubuntu<\/code><\/pre>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"751\" height=\"212\" src=\"https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2021\/06\/Screenshot_1-1.png\" alt=\"docker group\" class=\"wp-image-1869\" srcset=\"https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2021\/06\/Screenshot_1-1.png 751w, https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2021\/06\/Screenshot_1-1-300x85.png 300w, https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2021\/06\/Screenshot_1-1-150x42.png 150w\" sizes=\"auto, (max-width: 751px) 100vw, 751px\" \/><\/figure>\n<\/div>\n\n\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p class=\"has-text-align-center has-medium-font-size\">Gr\u00e2ce \u00e0 ceci nous pouvons lire le fichier pr\u00e9sent dans <strong>\/root<\/strong> et prouvant la r\u00e9ussite de cette technique :<\/p>\n\n\n\n<div style=\"height:10px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"457\" height=\"99\" src=\"https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2021\/06\/Screenshot_2-1.png\" alt=\"docker group\" class=\"wp-image-1870\" srcset=\"https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2021\/06\/Screenshot_2-1.png 457w, https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2021\/06\/Screenshot_2-1-300x65.png 300w, https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2021\/06\/Screenshot_2-1-150x32.png 150w\" sizes=\"auto, (max-width: 457px) 100vw, 457px\" \/><\/figure>\n<\/div>\n\n\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p class=\"has-text-align-center has-medium-font-size\">\ud83d\udccc Il est possible apr\u00e8s \u00e7a de changer\/supprimer le hash de l&rsquo;utilisateur root dans le fichier <strong>\/etc\/shadow<\/strong> et \u00e9galement de cr\u00e9er une <strong>cl\u00e9 ssh<\/strong> pour ce m\u00eame utilisateur.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-css-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading has-text-align-center\" style=\"font-size:35px\">Second cas<\/h2>\n\n\n\n<div style=\"height:35px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p class=\"has-text-align-center has-medium-font-size\">\u26a0\ufe0f Dans notre second cas, nous partons du principe que nous sommes dans un <strong>CTF<\/strong> et <strong>connect\u00e9 via VPN<\/strong> et donc nous ne pouvons pas sortir sur internet, en g\u00e9n\u00e9ral une image est pr\u00e9sente volontairement pour nous permettre d&rsquo;exploiter cette technique.<\/p>\n\n\n\n<div style=\"height:25px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p class=\"has-text-align-center has-medium-font-size\">J&rsquo;ai donc volontairement pull <strong>l&rsquo;image alpine<\/strong> et r\u00e9p\u00e9ter la m\u00eame m\u00e9thode que le premier cas.<\/p>\n\n\n\n<div style=\"height:10px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"591\" height=\"133\" src=\"https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2021\/06\/Screenshot_3-1.png\" alt=\"\" class=\"wp-image-1871\" srcset=\"https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2021\/06\/Screenshot_3-1.png 591w, https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2021\/06\/Screenshot_3-1-300x68.png 300w, https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2021\/06\/Screenshot_3-1-150x34.png 150w\" sizes=\"auto, (max-width: 591px) 100vw, 591px\" \/><\/figure>\n<\/div>\n\n\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p class=\"has-text-align-center has-medium-font-size\">Et c&rsquo;est parti pour la m\u00eame op\u00e9ration mais avec <strong>l&rsquo;image alpine locale<\/strong> d\u00e9j\u00e0 pr\u00e9sente sur la machine cible.<\/p>\n\n\n\n<pre class=\"wp-block-prismatic-blocks\"><code class=\"language-bash\" data-line=\"\">docker run -v \/:\/mnt -it alpine<\/code><\/pre>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"761\" height=\"194\" src=\"https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2021\/06\/Screenshot_4-1.png\" alt=\"\" class=\"wp-image-1872\" srcset=\"https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2021\/06\/Screenshot_4-1.png 761w, https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2021\/06\/Screenshot_4-1-300x76.png 300w, https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2021\/06\/Screenshot_4-1-150x38.png 150w\" sizes=\"auto, (max-width: 761px) 100vw, 761px\" \/><\/figure>\n<\/div>\n\n\n<div style=\"height:25px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n","protected":false},"excerpt":{"rendered":"<p><span class=\"span-reading-time rt-reading-time\" style=\"display: block;\"><span class=\"rt-label rt-prefix\"><\/span> <span class=\"rt-time\"> 3<\/span> <span class=\"rt-label rt-postfix\">min read<\/span><\/span>In this article, we will go from a lambda user with no rights but in the docker group to the root user using a wrong configuration and use of docker. <a href=\"https:\/\/mikadmin.fr\/blog\/linux-privilege-escalation-docker-group\/\" class=\"more-link\">Continuer la lecture <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":1860,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_themeisle_gutenberg_block_has_review":false,"footnotes":""},"categories":[4,3],"tags":[21,27,5,9,45],"class_list":["post-1856","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-infosec","category-system","tag-ctf","tag-docker","tag-infosec","tag-linux","tag-pentest"],"aioseo_notices":[],"aioseo_head":"\n\t\t<!-- All in One SEO 4.9.8 - aioseo.com -->\n\t<meta name=\"description\" content=\"In this article, we will go from a lambda user with no rights but in the docker group to the root user using a wrong configuration and use of docker.\" \/>\n\t<meta name=\"robots\" content=\"max-image-preview:large\" \/>\n\t<meta name=\"author\" content=\"Mika\"\/>\n\t<meta name=\"keywords\" content=\"docker,docker group,linux privilege escalation,pentest,ctf,tryhackme,hack the box,hack,hacking,linux,ubuntu,debian,privesc,infosec,system\" \/>\n\t<link rel=\"canonical\" href=\"https:\/\/mikadmin.fr\/blog\/linux-privilege-escalation-docker-group\/\" \/>\n\t<meta name=\"generator\" content=\"All in One SEO (AIOSEO) 4.9.8\" \/>\n\t\t<meta property=\"og:locale\" content=\"fr_FR\" \/>\n\t\t<meta property=\"og:site_name\" content=\"Mika&#039;s Blog | Sysadmin, Network &amp; Infosec\" \/>\n\t\t<meta property=\"og:type\" content=\"article\" \/>\n\t\t<meta property=\"og:title\" content=\"Linux Privilege Escalation : Docker Group | Mika&#039;s Blog\" \/>\n\t\t<meta property=\"og:description\" content=\"In this article, we will go from a lambda user with no rights but in the docker group to the root user using a wrong configuration and use of docker.\" \/>\n\t\t<meta property=\"og:url\" content=\"https:\/\/mikadmin.fr\/blog\/linux-privilege-escalation-docker-group\/\" \/>\n\t\t<meta property=\"og:image\" content=\"https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2021\/06\/dockerHacked-915x429-1-e1624873427787.jpg\" \/>\n\t\t<meta property=\"og:image:secure_url\" content=\"https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2021\/06\/dockerHacked-915x429-1-e1624873427787.jpg\" \/>\n\t\t<meta property=\"article:published_time\" content=\"2021-06-29T09:00:23+00:00\" \/>\n\t\t<meta property=\"article:modified_time\" content=\"2023-10-28T11:40:35+00:00\" \/>\n\t\t<meta property=\"article:author\" content=\"mikadmin\" \/>\n\t\t<meta name=\"twitter:card\" content=\"summary\" \/>\n\t\t<meta name=\"twitter:title\" content=\"Linux Privilege Escalation : Docker Group | Mika&#039;s Blog\" \/>\n\t\t<meta name=\"twitter:description\" content=\"In this article, we will go from a lambda user with no rights but in the docker group to the root user using a wrong configuration and use of docker.\" \/>\n\t\t<meta name=\"twitter:creator\" content=\"@mika_sec\" \/>\n\t\t<meta name=\"twitter:image\" content=\"https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2021\/06\/dockerHacked-915x429-1-e1624873427787.jpg\" \/>\n\t\t<meta name=\"twitter:label1\" content=\"\u00c9crit par\" \/>\n\t\t<meta name=\"twitter:data1\" content=\"Mika\" \/>\n\t\t<meta name=\"twitter:label2\" content=\"Estimation du temps de lecture\" \/>\n\t\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n\t\t<script type=\"application\/ld+json\" class=\"aioseo-schema\">\n\t\t\t{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/mikadmin.fr\\\/blog\\\/linux-privilege-escalation-docker-group\\\/#article\",\"name\":\"Linux Privilege Escalation : Docker Group | Mika's Blog\",\"headline\":\"Linux Privilege Escalation : Docker Group\",\"author\":{\"@id\":\"https:\\\/\\\/mikadmin.fr\\\/blog\\\/author\\\/mikadmin\\\/#author\"},\"publisher\":{\"@id\":\"https:\\\/\\\/mikadmin.fr\\\/blog\\\/#organization\"},\"image\":{\"@type\":\"ImageObject\",\"url\":\"https:\\\/\\\/mikadmin.fr\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/06\\\/dockerHacked-915x429-1-e1624873427787.jpg\",\"width\":175,\"height\":82},\"datePublished\":\"2021-06-29T11:00:23+02:00\",\"dateModified\":\"2023-10-28T13:40:35+02:00\",\"inLanguage\":\"fr-FR\",\"commentCount\":2,\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/mikadmin.fr\\\/blog\\\/linux-privilege-escalation-docker-group\\\/#webpage\"},\"isPartOf\":{\"@id\":\"https:\\\/\\\/mikadmin.fr\\\/blog\\\/linux-privilege-escalation-docker-group\\\/#webpage\"},\"articleSection\":\"infosec, system, ctf, docker, infosec, linux, pentest\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/mikadmin.fr\\\/blog\\\/linux-privilege-escalation-docker-group\\\/#breadcrumblist\",\"itemListElement\":[{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/mikadmin.fr\\\/blog#listItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/mikadmin.fr\\\/blog\",\"nextItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/mikadmin.fr\\\/blog\\\/category\\\/system\\\/#listItem\",\"name\":\"system\"}},{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/mikadmin.fr\\\/blog\\\/category\\\/system\\\/#listItem\",\"position\":2,\"name\":\"system\",\"item\":\"https:\\\/\\\/mikadmin.fr\\\/blog\\\/category\\\/system\\\/\",\"nextItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/mikadmin.fr\\\/blog\\\/linux-privilege-escalation-docker-group\\\/#listItem\",\"name\":\"Linux Privilege Escalation : Docker Group\"},\"previousItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/mikadmin.fr\\\/blog#listItem\",\"name\":\"Home\"}},{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/mikadmin.fr\\\/blog\\\/linux-privilege-escalation-docker-group\\\/#listItem\",\"position\":3,\"name\":\"Linux Privilege Escalation : Docker Group\",\"previousItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/mikadmin.fr\\\/blog\\\/category\\\/system\\\/#listItem\",\"name\":\"system\"}}]},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/mikadmin.fr\\\/blog\\\/#organization\",\"name\":\"Mika's Blog\",\"description\":\"Sysadmin, Network & Infosec\",\"url\":\"https:\\\/\\\/mikadmin.fr\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"url\":\"https:\\\/\\\/mikadmin.fr\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/10\\\/favicon.ico\",\"@id\":\"https:\\\/\\\/mikadmin.fr\\\/blog\\\/linux-privilege-escalation-docker-group\\\/#organizationLogo\",\"width\":16,\"height\":16},\"image\":{\"@id\":\"https:\\\/\\\/mikadmin.fr\\\/blog\\\/linux-privilege-escalation-docker-group\\\/#organizationLogo\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/mikadmin.fr\\\/blog\\\/author\\\/mikadmin\\\/#author\",\"url\":\"https:\\\/\\\/mikadmin.fr\\\/blog\\\/author\\\/mikadmin\\\/\",\"name\":\"Mika\",\"image\":{\"@type\":\"ImageObject\",\"@id\":\"https:\\\/\\\/mikadmin.fr\\\/blog\\\/linux-privilege-escalation-docker-group\\\/#authorImage\",\"url\":\"https:\\\/\\\/mikadmin.fr\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/10\\\/qV4LCrel_400x400-1-150x150.jpg\",\"width\":96,\"height\":96,\"caption\":\"Mika\"},\"sameAs\":[\"mikadmin\",\"https:\\\/\\\/twitter.com\\\/mika_sec\"]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/mikadmin.fr\\\/blog\\\/linux-privilege-escalation-docker-group\\\/#webpage\",\"url\":\"https:\\\/\\\/mikadmin.fr\\\/blog\\\/linux-privilege-escalation-docker-group\\\/\",\"name\":\"Linux Privilege Escalation : Docker Group | Mika's Blog\",\"description\":\"In this article, we will go from a lambda user with no rights but in the docker group to the root user using a wrong configuration and use of docker.\",\"inLanguage\":\"fr-FR\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/mikadmin.fr\\\/blog\\\/#website\"},\"breadcrumb\":{\"@id\":\"https:\\\/\\\/mikadmin.fr\\\/blog\\\/linux-privilege-escalation-docker-group\\\/#breadcrumblist\"},\"author\":{\"@id\":\"https:\\\/\\\/mikadmin.fr\\\/blog\\\/author\\\/mikadmin\\\/#author\"},\"creator\":{\"@id\":\"https:\\\/\\\/mikadmin.fr\\\/blog\\\/author\\\/mikadmin\\\/#author\"},\"image\":{\"@type\":\"ImageObject\",\"url\":\"https:\\\/\\\/mikadmin.fr\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/06\\\/dockerHacked-915x429-1-e1624873427787.jpg\",\"@id\":\"https:\\\/\\\/mikadmin.fr\\\/blog\\\/linux-privilege-escalation-docker-group\\\/#mainImage\",\"width\":175,\"height\":82},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/mikadmin.fr\\\/blog\\\/linux-privilege-escalation-docker-group\\\/#mainImage\"},\"datePublished\":\"2021-06-29T11:00:23+02:00\",\"dateModified\":\"2023-10-28T13:40:35+02:00\"},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/mikadmin.fr\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/mikadmin.fr\\\/blog\\\/\",\"name\":\"Mika's Blog\",\"description\":\"Sysadmin, Network & Infosec\",\"inLanguage\":\"fr-FR\",\"publisher\":{\"@id\":\"https:\\\/\\\/mikadmin.fr\\\/blog\\\/#organization\"}}]}\n\t\t<\/script>\n\t\t<!-- All in One SEO -->\n\n","aioseo_head_json":{"title":"Linux Privilege Escalation : Docker Group | Mika's Blog","description":"In this article, we will go from a lambda user with no rights but in the docker group to the root user using a wrong configuration and use of docker.","canonical_url":"https:\/\/mikadmin.fr\/blog\/linux-privilege-escalation-docker-group\/","robots":"max-image-preview:large","keywords":"docker,docker group,linux privilege escalation,pentest,ctf,tryhackme,hack the box,hack,hacking,linux,ubuntu,debian,privesc,infosec,system","webmasterTools":{"miscellaneous":""},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/mikadmin.fr\/blog\/linux-privilege-escalation-docker-group\/#article","name":"Linux Privilege Escalation : Docker Group | Mika's Blog","headline":"Linux Privilege Escalation : Docker Group","author":{"@id":"https:\/\/mikadmin.fr\/blog\/author\/mikadmin\/#author"},"publisher":{"@id":"https:\/\/mikadmin.fr\/blog\/#organization"},"image":{"@type":"ImageObject","url":"https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2021\/06\/dockerHacked-915x429-1-e1624873427787.jpg","width":175,"height":82},"datePublished":"2021-06-29T11:00:23+02:00","dateModified":"2023-10-28T13:40:35+02:00","inLanguage":"fr-FR","commentCount":2,"mainEntityOfPage":{"@id":"https:\/\/mikadmin.fr\/blog\/linux-privilege-escalation-docker-group\/#webpage"},"isPartOf":{"@id":"https:\/\/mikadmin.fr\/blog\/linux-privilege-escalation-docker-group\/#webpage"},"articleSection":"infosec, system, ctf, docker, infosec, linux, pentest"},{"@type":"BreadcrumbList","@id":"https:\/\/mikadmin.fr\/blog\/linux-privilege-escalation-docker-group\/#breadcrumblist","itemListElement":[{"@type":"ListItem","@id":"https:\/\/mikadmin.fr\/blog#listItem","position":1,"name":"Home","item":"https:\/\/mikadmin.fr\/blog","nextItem":{"@type":"ListItem","@id":"https:\/\/mikadmin.fr\/blog\/category\/system\/#listItem","name":"system"}},{"@type":"ListItem","@id":"https:\/\/mikadmin.fr\/blog\/category\/system\/#listItem","position":2,"name":"system","item":"https:\/\/mikadmin.fr\/blog\/category\/system\/","nextItem":{"@type":"ListItem","@id":"https:\/\/mikadmin.fr\/blog\/linux-privilege-escalation-docker-group\/#listItem","name":"Linux Privilege Escalation : Docker Group"},"previousItem":{"@type":"ListItem","@id":"https:\/\/mikadmin.fr\/blog#listItem","name":"Home"}},{"@type":"ListItem","@id":"https:\/\/mikadmin.fr\/blog\/linux-privilege-escalation-docker-group\/#listItem","position":3,"name":"Linux Privilege Escalation : Docker Group","previousItem":{"@type":"ListItem","@id":"https:\/\/mikadmin.fr\/blog\/category\/system\/#listItem","name":"system"}}]},{"@type":"Organization","@id":"https:\/\/mikadmin.fr\/blog\/#organization","name":"Mika's Blog","description":"Sysadmin, Network & Infosec","url":"https:\/\/mikadmin.fr\/blog\/","logo":{"@type":"ImageObject","url":"https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2020\/10\/favicon.ico","@id":"https:\/\/mikadmin.fr\/blog\/linux-privilege-escalation-docker-group\/#organizationLogo","width":16,"height":16},"image":{"@id":"https:\/\/mikadmin.fr\/blog\/linux-privilege-escalation-docker-group\/#organizationLogo"}},{"@type":"Person","@id":"https:\/\/mikadmin.fr\/blog\/author\/mikadmin\/#author","url":"https:\/\/mikadmin.fr\/blog\/author\/mikadmin\/","name":"Mika","image":{"@type":"ImageObject","@id":"https:\/\/mikadmin.fr\/blog\/linux-privilege-escalation-docker-group\/#authorImage","url":"https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2020\/10\/qV4LCrel_400x400-1-150x150.jpg","width":96,"height":96,"caption":"Mika"},"sameAs":["mikadmin","https:\/\/twitter.com\/mika_sec"]},{"@type":"WebPage","@id":"https:\/\/mikadmin.fr\/blog\/linux-privilege-escalation-docker-group\/#webpage","url":"https:\/\/mikadmin.fr\/blog\/linux-privilege-escalation-docker-group\/","name":"Linux Privilege Escalation : Docker Group | Mika's Blog","description":"In this article, we will go from a lambda user with no rights but in the docker group to the root user using a wrong configuration and use of docker.","inLanguage":"fr-FR","isPartOf":{"@id":"https:\/\/mikadmin.fr\/blog\/#website"},"breadcrumb":{"@id":"https:\/\/mikadmin.fr\/blog\/linux-privilege-escalation-docker-group\/#breadcrumblist"},"author":{"@id":"https:\/\/mikadmin.fr\/blog\/author\/mikadmin\/#author"},"creator":{"@id":"https:\/\/mikadmin.fr\/blog\/author\/mikadmin\/#author"},"image":{"@type":"ImageObject","url":"https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2021\/06\/dockerHacked-915x429-1-e1624873427787.jpg","@id":"https:\/\/mikadmin.fr\/blog\/linux-privilege-escalation-docker-group\/#mainImage","width":175,"height":82},"primaryImageOfPage":{"@id":"https:\/\/mikadmin.fr\/blog\/linux-privilege-escalation-docker-group\/#mainImage"},"datePublished":"2021-06-29T11:00:23+02:00","dateModified":"2023-10-28T13:40:35+02:00"},{"@type":"WebSite","@id":"https:\/\/mikadmin.fr\/blog\/#website","url":"https:\/\/mikadmin.fr\/blog\/","name":"Mika's Blog","description":"Sysadmin, Network & Infosec","inLanguage":"fr-FR","publisher":{"@id":"https:\/\/mikadmin.fr\/blog\/#organization"}}]},"og:locale":"fr_FR","og:site_name":"Mika's Blog | Sysadmin, Network &amp; Infosec","og:type":"article","og:title":"Linux Privilege Escalation : Docker Group | Mika's Blog","og:description":"In this article, we will go from a lambda user with no rights but in the docker group to the root user using a wrong configuration and use of docker.","og:url":"https:\/\/mikadmin.fr\/blog\/linux-privilege-escalation-docker-group\/","og:image":"https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2021\/06\/dockerHacked-915x429-1-e1624873427787.jpg","og:image:secure_url":"https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2021\/06\/dockerHacked-915x429-1-e1624873427787.jpg","article:published_time":"2021-06-29T09:00:23+00:00","article:modified_time":"2023-10-28T11:40:35+00:00","article:author":"mikadmin","twitter:card":"summary","twitter:title":"Linux Privilege Escalation : Docker Group | Mika's Blog","twitter:description":"In this article, we will go from a lambda user with no rights but in the docker group to the root user using a wrong configuration and use of docker.","twitter:creator":"@mika_sec","twitter:image":"https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2021\/06\/dockerHacked-915x429-1-e1624873427787.jpg","twitter:label1":"\u00c9crit par","twitter:data1":"Mika","twitter:label2":"Estimation du temps de lecture","twitter:data2":"2 minutes"},"aioseo_meta_data":{"post_id":"1856","title":null,"description":"In this article, we will go from a lambda user with no rights but in the docker group to the root user using a wrong configuration and use of docker.","keywords":[{"label":"docker","value":"docker"},{"label":"docker group","value":"docker group"},{"label":"linux privilege escalation","value":"linux privilege escalation"},{"label":"pentest","value":"pentest"},{"label":"ctf","value":"ctf"},{"label":"tryhackme","value":"tryhackme"},{"label":"hack the box","value":"hack the box"},{"label":"hack","value":"hack"},{"label":"hacking","value":"hacking"},{"label":"linux","value":"linux"},{"label":"ubuntu","value":"ubuntu"},{"label":"debian","value":"debian"},{"label":"privesc","value":"privesc"}],"keyphrases":{"focus":{"keyphrase":"docker group","score":100,"analysis":{"keyphraseInTitle":{"score":9,"maxScore":9,"error":0},"keyphraseInDescription":{"score":9,"maxScore":9,"error":0},"keyphraseLength":{"score":9,"maxScore":9,"error":0,"length":2},"keyphraseInURL":{"score":5,"maxScore":5,"error":0},"keyphraseInIntroduction":{"score":9,"maxScore":9,"error":0},"keyphraseInSubHeadings":{"score":9,"maxScore":9,"error":0},"keyphraseInImageAlt":{"score":9,"maxScore":9,"error":0},"keywordDensity":{"type":"best","score":9,"maxScore":9,"error":0}}},"additional":[]},"primary_term":null,"canonical_url":null,"og_title":"#post_title #separator_sa #site_title","og_description":"In this article, we will go from a lambda user with no rights but in the docker group to the root user using a wrong configuration and use of docker.","og_object_type":"default","og_image_type":"custom_image","og_image_url":"https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2021\/06\/dockerHacked-915x429-1-e1624873427787.jpg","og_image_width":"0","og_image_height":"0","og_image_custom_url":"https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2021\/06\/dockerHacked-915x429-1-e1624873427787.jpg","og_image_custom_fields":null,"og_video":"","og_custom_url":null,"og_article_section":null,"og_article_tags":[],"twitter_use_og":true,"twitter_card":"default","twitter_image_type":"default","twitter_image_url":null,"twitter_image_custom_url":null,"twitter_image_custom_fields":null,"twitter_title":null,"twitter_description":null,"schema":{"blockGraphs":[],"customGraphs":[],"default":{"data":{"Article":[],"Course":[],"Dataset":[],"FAQPage":[],"Movie":[],"Person":[],"Product":[],"ProductReview":[],"Car":[],"Recipe":[],"Service":[],"SoftwareApplication":[],"WebPage":[]},"graphName":"Article","isEnabled":true},"graphs":[],"defaultGraph":"Article","defaultPostTypeGraph":""},"schema_type":"default","schema_type_options":"{\"article\":{\"articleType\":\"BlogPosting\"},\"course\":{\"name\":\"\",\"description\":\"\",\"provider\":\"\"},\"faq\":{\"pages\":[]},\"product\":{\"reviews\":[]},\"recipe\":{\"ingredients\":[],\"instructions\":[],\"keywords\":[]},\"software\":{\"reviews\":[],\"operatingSystems\":[]},\"webPage\":{\"webPageType\":\"WebPage\"}}","pillar_content":false,"robots_default":true,"robots_noindex":false,"robots_noarchive":false,"robots_nosnippet":false,"robots_nofollow":false,"robots_noimageindex":false,"robots_noodp":false,"robots_notranslate":false,"robots_max_snippet":"-1","robots_max_videopreview":"-1","robots_max_imagepreview":"large","priority":null,"frequency":"default","location":null,"local_seo":null,"breadcrumb_settings":null,"limit_modified_date":false,"ai":null,"created":"2021-06-28 09:39:20","updated":"2025-06-17 16:28:32","seo_analyzer_scan_date":null},"post_mailing_queue_ids":[],"_links":{"self":[{"href":"https:\/\/mikadmin.fr\/blog\/wp-json\/wp\/v2\/posts\/1856","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mikadmin.fr\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mikadmin.fr\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mikadmin.fr\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mikadmin.fr\/blog\/wp-json\/wp\/v2\/comments?post=1856"}],"version-history":[{"count":1,"href":"https:\/\/mikadmin.fr\/blog\/wp-json\/wp\/v2\/posts\/1856\/revisions"}],"predecessor-version":[{"id":2971,"href":"https:\/\/mikadmin.fr\/blog\/wp-json\/wp\/v2\/posts\/1856\/revisions\/2971"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/mikadmin.fr\/blog\/wp-json\/wp\/v2\/media\/1860"}],"wp:attachment":[{"href":"https:\/\/mikadmin.fr\/blog\/wp-json\/wp\/v2\/media?parent=1856"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mikadmin.fr\/blog\/wp-json\/wp\/v2\/categories?post=1856"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mikadmin.fr\/blog\/wp-json\/wp\/v2\/tags?post=1856"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}